Jun 04, 2009 - 4:30 p.m.

CVE-2009-1912

2009-06-04 16:30:00
CWE-22
web.nvd.nist.gov
cve-2009-1912
directory traversal
webspell
remote attack
arbitrary execution
php
language cookie
security vulnerability

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 8.3 High (Confidence: Low)

EPSS: 0.016 Low (Percentile: 87.3%)

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.

Affected configurations

NVD
Node (entries joined by OR):
webspell / webspell, Range: 4.2.0e
webspell / webspell, Match: 4.0
webspell / webspell, Match: 4.0.2c
webspell / webspell, Match: 4.1
webspell / webspell, Match: 4.01.00
webspell / webspell, Match: 4.1.1
webspell / webspell, Match: 4.01.01
webspell / webspell, Match: 4.01.02
webspell / webspell, Match: 4.1.2
webspell / webspell, Match: 4.2.0c
webspell / webspell, Match: 4.2.0d
